Feb 14, 2020

by Paul Young, Solutions Marketing Manager at Orchard

Infographic: 5 things that should be in every IT Disaster Recovery Plan

Every organisation will experience outages at some stage, whether it be from a loss of internet connection, a cyber attack, hardware failure, software crashes or even fire or flood damage. Due to this, it’s important to know how to respond. However only 21% of small & medium-sized enterprises have a full disaster recovery plan in place.1

Like the old saying goes, “by failing to prepare, you are preparing to fail,” and this is very true when it comes to business continuity.

How would your organisation cope in the event of a major outage and how would your customers react? Chances are they wouldn’t be best pleased if they are unable to get in touch, make payments, track orders etc.

To ensure business continuity you need an effective and well tested disaster recovery plan. If you don’t currently have one it can be daunting thinking about where to start. To help kick things off we’ve pulled together the following five areas that we recommend are included in your disaster recovery plan in order to ensure seamless business continuity.

What should your plan include?

1. Definition of your tolerance levels

The first step in creating a disaster recovery plan is to work out what is your organisation’s tolerance for downtime and data loss. This will help you plan out how fast you need to get things back up and running and what data backup method you need in place. This will vary from company to company, for example a school can afford a few hours of downtime as lessons, on the whole, can carry on as normal, but for an ecommerce business they will need to be back up and running in minutes.

These will become your acceptable Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO). If you find that your organisation is unable to handle more than a few seconds of downtime (like in the financial industry where downtime can result in financial penalties2) then you may need to look at implementing cloud-based continuous sync and replication backup solutions like Zerto.3

2. A list of priorities

Next you should carry out an inventory of all of the applications and hardware you use and prioritise them into the following categories:

High – which can you do without for half a day but still continue to provide most of your business services.

Medium – which ones can you stand to live without for a day or more.

By going through everything your organisation uses in this way it ensures that a) nothing gets missed, which can happen in the midst of an outage when things tend to get a bit chaotic and b) you and your staff know which systems need to be recovered first so all resources are prioritised and assigned to the business critical systems.

3. Who does what?

The next step in your plan should be to assign responsibilities of who needs to do what in the event of a disaster. These should be split into the following categories:

Internal – which systems and hardware do your own staff look after? Defining this makes it clear internally who is going to be responsible for recovering which systems. It’s important to have details of who is second or third in command should some of the people named in the plan be unavailable due to annual leave or sickness.

External – as a lot of your systems will be provided by companies outside of your organisation (software providers, ISPs, data centres etc) you need to know who to contact in an emergency at each one. These contact details need to be constantly updated and stored in a central location where everyone can easily find them (it’s no good having them in the contacts list of just one person’s mobile phone). This list of external suppliers should include companies who can provide hardware fast should yours become damaged by fire or flooding.

When negotiating contracts with external suppliers it’s always good to get agreed SLAs included so you know what to expect in terms of a response in the event of an outage.

By having clarity on who is responsible for which systems it helps generate faster resolutions as everyone has a clear plan of who is handling what and what exactly is expected of them.

4. Communications plan

For both internal and external audiences it’s important to have a communications plan in place. As mentioned above, in real disaster situations chaos can reign so it’s important that you control this with clear instructions of what staff should do and also what staff should communicate to customers.

This plan should include everything from social media posts advising customers that you are experiencing downtime (and how long you expect to be offline) up to advising staff to stay away from the office, work from home or go to a backup site in an extreme situation like your office has flooded.

Often these communications will be sent out from personal non-work devices so for this to be effective you need to have an up-to-date list of staff contact details (possibly including personal mobile numbers), social media logins etc so you can access them during the outage.

5. Testing plan

Finally your plan should include details of how you are going to test your disaster recovery plan and how often. Don’t just write your plan and pop it in a drawer to gather dust until a disaster strikes – test it regularly.

As we’re all busy, it can be easy to let this slip but it’s vital that you schedule tests and ring fence time for staff to carry out these tests, which can’t be overbooked.

Without regular testing you won’t know if your plan is fit for purpose to ensure business continuity.

Don’t rest on your laurels

No good organisation stands still. You will constantly be evolving with new people, new hardware and new systems being added all the time. So it’s important to regularly revisit and revise your disaster recovery plan as needed.

Having a disaster recovery plan won’t make you immune from outages, but it’ll put you in a really strong position to recover a lot faster than without one.

If you would like to find out more about disaster recovery and business continuity solutions get in touch with our Managed Services team who are on hand to help.